Add getdns_context_set_return_dnssec_status

2014-02-20 15:42:10 -05:00 · 2014-02-20 15:42:10 -05:00 · 48fea8d9e0
parent 097e6936cb
commit 48fea8d9e0
7 changed files with 62 additions and 3 deletions
--- a/src/context.c
+++ b/src/context.c
@ -1734,5 +1734,15 @@ getdns_context_get_api_information(getdns_context* context) {
    return result;
 }

+getdns_return_t
+getdns_context_set_return_dnssec_status(getdns_context* context, int enabled) {
+    RETURN_IF_NULL(context, GETDNS_RETURN_INVALID_PARAMETER);
+    if (enabled != GETDNS_EXTENSION_TRUE ||
+        enabled != GETDNS_EXTENSION_FALSE) {
+        return GETDNS_RETURN_INVALID_PARAMETER;
+    }
+    context->return_dnssec_status = enabled;
+    return GETDNS_RETURN_GOOD;
+}

 /* context.c */
--- a/src/context.h
+++ b/src/context.h
@ -38,6 +38,7 @@
 #define _GETDNS_CONTEXT_H_

 #include <getdns/getdns.h>
+#include <getdns/getdns_extra.h>
 #include "types-internal.h"

 struct getdns_dns_req;
@ -96,6 +97,7 @@ struct getdns_context {
 	 * the real work */
 	struct ub_ctx *unbound_ctx;
 	int has_ta; /* No DNSSEC without trust anchor */
+    int return_dnssec_status;

 	/* which resolution type the contexts are configured for
 	 * 0 means nothing set
--- a/src/getdns/getdns_extra.h
+++ b/src/getdns/getdns_extra.h
@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2013, NLNet Labs, Versign, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the name of the <organization> nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _GETDNS_CONTEXT_H_
+#define _GETDNS_CONTEXT_H_
+
+#include <getdns/getdns.h>
+
+/* Enable the return_dnssec_status extension on every request.
+   value is either GETDNS_EXTENSION_TRUE or GETDNS_EXTENSION_FALSE
+   returns GETDNS_RETURN_GOOD on success or GETDNS_RETURN_INVALID_PARAMETER
+   if context or value is invalid */
+getdns_return_t getdns_context_set_return_dnssec_status(getdns_context* context, int enabled);
+
+#endif
--- a/src/request-internal.c
+++ b/src/request-internal.c
@ -130,6 +130,7 @@ dns_req_new(struct getdns_context *context,
 	result->trans_id = ldns_get_random();

 	getdns_dict_copy(extensions, &result->extensions);
+    result->return_dnssec_status = context->return_dnssec_status;

 	/* will be set by caller */
 	result->user_pointer = NULL;
--- a/src/rr-dict.c
+++ b/src/rr-dict.c
@ -660,7 +660,7 @@ priv_getdns_equip_dict_with_hip_rdfs(struct getdns_dict* rdata, ldns_rr* rr,
    r |= getdns_dict_set_bindata(rdata, def->rdata[1].name, &hit_data);
    r |= getdns_dict_set_bindata(rdata, def->rdata[2].name, &key_data);
    if (r != GETDNS_RETURN_GOOD) {
-        return r;
+        return GETDNS_RETURN_GENERIC_ERROR;
    }

    if (ldns_rr_rd_count(rr) > 1) {
@ -682,6 +682,9 @@ priv_getdns_equip_dict_with_hip_rdfs(struct getdns_dict* rdata, ldns_rr* rr,
        }
        /* always clean up */
        getdns_list_destroy(servers);
+        if (r != GETDNS_RETURN_GOOD) {
+        	return GETDNS_RETURN_GENERIC_ERROR;
+        }
    }

    return r;
--- a/src/types-internal.h
+++ b/src/types-internal.h
@ -180,6 +180,9 @@ typedef struct getdns_dns_req
    /* local timeout id */
    getdns_transaction_t local_timeout_id;

+    /* dnssec status */
+    int return_dnssec_status;
+
 } getdns_dns_req;

 #define MF_PLAIN ((void *)&plain_mem_funcs_user_arg)
--- a/src/util-internal.c
+++ b/src/util-internal.c
@ -551,7 +551,8 @@ create_getdns_response(struct getdns_dns_req * completed_request)
 	dnssec_return_only_secure = is_extension_set(
 	    completed_request->extensions, "dnssec_return_only_secure");
 	dnssec_return_status = dnssec_return_only_secure || is_extension_set(
-	    completed_request->extensions, "dnssec_return_status");
+	    completed_request->extensions, "dnssec_return_status") ||
+        completed_request->return_dnssec_status == GETDNS_EXTENSION_TRUE;

 	if (completed_request->first_req->request_class == GETDNS_RRTYPE_A ||
 	    completed_request->first_req->request_class ==
@ -617,7 +618,7 @@ create_getdns_response(struct getdns_dns_req * completed_request)
 		}
 		if (dnssec_return_status || dnssec_return_validation_chain) {
 			r = getdns_dict_set_int(reply, "dnssec_status",
-			    ( netreq->secure   ? GETDNS_DNSSEC_SECURE 
+			    ( netreq->secure   ? GETDNS_DNSSEC_SECURE
 			    : netreq->bogus    ? GETDNS_DNSSEC_BOGUS
 			    : rrsigs_in_answer(netreq->result) &&
 			      completed_request->context->has_ta